New Directions in Project Management by Paul C. Tinnirello

RISK IDENTIFICATION

There are many potential risks confronting outsourcing agreements. These risks can fall into one of three categories: legal, operational, and financial.

Legal risks involve litigious issues, prior to, and after negotiating an agreement, such as:

§ Including unclear clauses in the agreement

§ Locking into an unrealistic long-term contract

§ Not having the right to renegotiate contract

§ Omitting the issue of subcontractor management

Operational risks involve ongoing management of an agreement, such as:

§ Becoming too dependent on a vendor for mission-critical services

§ Inability to determine the quality of the services being delivered

§ Not having accurate or meaningful reporting requirements

§ Select a vendor having a short life expectancy

§ Unable to assess the level of services provided by a vendor

§ Vendor failure to provide an adequate level of services

Financial risks involve the costs of negotiating, maintaining, and concluding agreements, such as:

§ Not receiving sufficient sums for penalties and damages

§ Paying large sums to terminate agreements

§ Paying noncompetitive fees for services

These categories of risks are not mutually exclusive; they overlap. However, the categories help to identify the risks, determine their relative importance to one another, and recognize the adequacy of any controls that do exist.

The risks also vary, depending on the phase in the life cycle of an outsourcing agreement. There are essentially seven phases to an outsourcing agreement: (1) determine the business case for or against outsourcing; (2) search for vendors; (3) select a vendor; (4) conduct negotiations; (5) consummate an agreement; (6) manage the agreement; and (7) determine the business case to decide whether to renew, renegotiate, or terminate a contract. Exhibit 1 lists some of the risks that could exist for each phase.

Exhibit 1. A Sample of the Risks in Each Phase

Phase

Risk

Determine the business case for or

Using incorrect data

against outsourcing

Search for vendors

Using a limited selection list

Select a vendor

Entering biases into the selection

Conduct negotiations

Not having the right people participate in

the negotiations

Consummate an agreement

“Caving in” to an unfair agreement

Manage the agreement

Providing minimal expertise to oversee

the agreement

Determine the business case to renew,

Ceasing a relationship in a manner that

renegotiate, or terminate the contract

could incur high legal costs

RISK ANALYSIS

After identifying the risks, the next action is to determine their relative importance to one another and their respective probability of occurrence. The ranking of importance depends largely on the goals and objectives that the agreement must achieve.

There are three basic approaches for analyzing risks: quantitative, qualitative, and a combination of the two.

Quantitative risk analysis uses mathematical calculations to determine each risk’

s

relative importance to another and their respective probabilities of occurrence. The Monte Carlo simulation technique is an example.

Qualitative risk analysis relies less on mathematical calculations and more on judgment to determine each risk’

s relative importance to another and their

respective probabilities of occurrence. Heuristics, or rules of thumb, are an example.

A combination of the two uses both quantitative and qualitative considerations to determine a risk’

s relative importance to another and their probabilities of

occurrence. The precedence diagramming method, whic h uses an ordinal approach to determine priorities according to some criterion, is an example.

Whether using quantitative, qualitative, or a combination of the techniques, the results of the analysis should look like Exhibit 2.

Exhibit 2. Analysis Result

Risk

Probability of Impact

Occurrence

Unable to assess the level of services provided by a

High

Major

vendor

Locking into an unrealistic long-term contract

Low

Major

Select a vendor that has a short life expectancy

Medium

Major

Paying large sums to terminate agreements

High

Minor

RISK CONTROL

There are three categories of controls: preventive, detective, and corrective.

Preventive controls mitigate or stop a threat from exploiting the vulnerabilities of a project. Detective controls disclose the occurrence of an event and preclude similar exploitation in the future. Corrective controls require addressing the impact of a threat and then establishing controls to preclude any future impacts.

With analysis complete, the next action is to identify controls that should exist to prevent, detect, or correct the impact of risks. This step requires looking at a number of factors in the business environment that an outsourcing agreement will be applied to, factors like agreement options (e.g., co-sourcing, outtasking), core competencies, and information technology assets, market conditions, and mission-critical systems.

There are many preventive, detective, and corrective controls to apply during all phases of outsourcing agreements (see Exhibit 3).

Exhibit 3. The Result of Analysis

Preventive Controls

Detective Controls

Corrective Controls

Provide ongoing oversight

Establish minimum levels Re-negotiating because of

during the execution of the of performance in an

changing market conditions

agreement

agreement

Have the right to approve or Maintain ongoing

Identify conditions for

disapprove of

communications with the discontinuing a contract

subcontractors

vendor

After identifying the controls that should exist, the next action is to verify their existence for prevention, detection, or correction. To determine the controls that exist requires extensive time and effort. This information is often acquired through interviews, literature reviews, and having a thorough knowledge of a subject. The result is an identification of controls that do exist and ones lacking or needing improvement.

Having a good idea of the type and nature of the risks confronting an outsourcing agreement, the next step is to strengthen or add controls. That means deciding whether to accept, avoid, adopt, or transfer risk. To accept a risk means letting it occur and taking no action. An example is to lock into a long-term agreement regardless of conditions. To avoid a risk is taking action in order to not confront a risk. An example is to selectively outsource noncritical services. To adopt means living with a risk and dealing with it by “working around it.” An example is a willingness to assume services when the vendor fails to perform. To transfer means shifting a risk over to someone or something else. An example is subcontracting.

TOOLS

The “burden” of risk management can lighten with the availability of the right software tool. A good number of tools now operate on the microcomputer and support risk identification, analysis, and reporting or a combination. Choosing the right tool is important and, therefore, should have a number of features. At a minimum, it should be user-friendly, interact with other application packages, and generate meaningful reports. One of the more popular packages is Monte Carlo for Primavera™.

CONCLUSION

Risk management plays an important role in living with a workable, realistic outsourcing agreement. Unfortunately, risk assessment takes “back seat” before, during, and after negotiating an agreement. As a result, many firms are now renegotiating and canceling agreements. Some examples include large and small firms canceling long-term, costly agreements with highly reputable vendors. The key is to use risk assessment both as a negotiation tool and a means for entering into an agreement that provides positive results.

Chapter 28: Hiring and Managing Consultants John P. Murray

OVERVIEW

Managing outside consultants requires a specific set of skills. Among those skills are the abilities to select the right people, to clearly identify and explain the assignment, and to maintain appropriate management discipline during the length of the assignment. IT managers must recognize the need to deal with several circumstances. Consultants have to be managed so that their leaving will not create difficulties. Once consultants complete the assignment, they should be able to move on.

IT managers and consultants should work together to provide a level of value beyond the basics of the project. For example, simply completing a project may not be enough; there will be a requirement for documentation so someone in the organization can continue to manage the project. Training staff members who take over a project prior to the consultant’

s leaving is another exa mple of added value.

An additional concern is selecting consultants to carry out a project. Different consulting organizations offer different sets of skills and services. Finding a consulting organization is not difficult, but it can be a challenge to find the appropriate organization that can produce professional results. Working with consultants is expensive, and it is important to make the right choice with the first choice. IT managers who thoroughly understand how to hire and manage consultants benefit the most from using consultants.

WAYS OF MANAGING CONSULTANTS

Because IT managers are ultimately responsible for the success or failure of a project, they must thoroughly document a project’

s history in case the project fails. When the

heat rises because of a failed IT project, facts can sometimes get lost in the scramble to place blame. Consultants have experience in dealing with projects in difficulty and they can be adroit in defending themselves. Also, consultants probably have a better set of sales skills than many IT managers and can use those selling skills to bolster their position in the event of difficulty.

Whether or not a project is in difficulty, an astute IT manager is careful to gather and document facts about consultants’

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115

Leave a Reply 0

Your email address will not be published. Required fields are marked *